tessl/npm-arweave
JavaScript/TypeScript client library for the Arweave decentralized permanent data storage network
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Securityby
Pending
The risk profile of this skill
cryptographic-operations.mddocs/
Cryptographic Operations
Low-level cryptographic functions for signing, verification, encryption, hashing, and key management. Provides the cryptographic foundation for Arweave transactions and data security.
Capabilities
Generate Key Pair
Generate a new RSA key pair for wallet creation.
/**
* Generate a new RSA key pair
* @returns Promise resolving to JWK (JSON Web Key)
*/
generateJWK(): Promise<JWKInterface>;Usage Example:
import Arweave from "arweave";
const arweave = Arweave.init();
// Generate new key pair
const keyPair = await Arweave.crypto.generateJWK();
console.log("Generated key:", keyPair);
// Convert to address
const address = await arweave.wallets.jwkToAddress(keyPair);
console.log("Wallet address:", address);Sign Data
Sign data using RSA-PSS with a private key.
/**
* Sign data with RSA-PSS
* @param jwk - JSON Web Key containing private key
* @param data - Data to sign as Uint8Array
* @param options - Signing options
* @returns Promise resolving to signature as Uint8Array
*/
sign(
jwk: JWKInterface,
data: Uint8Array,
options?: SignatureOptions
): Promise<Uint8Array>;Usage Example:
const key = await Arweave.crypto.generateJWK();
const message = new TextEncoder().encode("Hello, Arweave!");
// Sign the message
const signature = await Arweave.crypto.sign(key, message);
console.log("Signature created:", signature);
// Sign with custom salt length
const customSignature = await Arweave.crypto.sign(key, message, {
saltLength: 32
});Verify Signature
Verify an RSA-PSS signature using the public key.
/**
* Verify RSA-PSS signature
* @param publicModulus - Public key modulus (n parameter from JWK)
* @param data - Original data that was signed
* @param signature - Signature to verify
* @returns Promise resolving to verification result
*/
verify(
publicModulus: string,
data: Uint8Array,
signature: Uint8Array
): Promise<boolean>;Usage Example:
const key = await Arweave.crypto.generateJWK();
const message = new TextEncoder().encode("Hello, Arweave!");
const signature = await Arweave.crypto.sign(key, message);
// Verify signature using public key modulus
const isValid = await Arweave.crypto.verify(key.n, message, signature);
console.log("Signature valid:", isValid);
// Verify transaction signature
const transaction = await arweave.transactions.get("tx-id");
const signatureData = await transaction.getSignatureData();
const txValid = await Arweave.crypto.verify(
transaction.owner,
signatureData,
Arweave.utils.b64UrlToBuffer(transaction.signature)
);Hash Data
Compute cryptographic hash of data using SHA-256 or other algorithms.
/**
* Hash data using specified algorithm
* @param data - Data to hash
* @param algorithm - Hash algorithm (default: "SHA-256")
* @returns Promise resolving to hash as Uint8Array
*/
hash(data: Uint8Array, algorithm?: string): Promise<Uint8Array>;Usage Example:
const data = new TextEncoder().encode("Hello, Arweave!");
// SHA-256 hash (default)
const hash256 = await Arweave.crypto.hash(data);
console.log("SHA-256:", Arweave.utils.bufferTob64Url(hash256));
// SHA-384 hash
const hash384 = await Arweave.crypto.hash(data, "SHA-384");
console.log("SHA-384:", Arweave.utils.bufferTob64Url(hash384));Encrypt Data
Encrypt data using AES-GCM with PBKDF2 key derivation.
/**
* Encrypt data with AES-GCM
* @param data - Data to encrypt
* @param key - Encryption key as string or Uint8Array
* @param salt - Optional salt for key derivation
* @returns Promise resolving to encrypted data
*/
encrypt(
data: Uint8Array,
key: string | Uint8Array,
salt?: string
): Promise<Uint8Array>;Usage Example:
const secretData = new TextEncoder().encode("Secret message");
const password = "my-secure-password";
// Encrypt with password
const encrypted = await Arweave.crypto.encrypt(secretData, password);
console.log("Encrypted data:", Arweave.utils.bufferTob64Url(encrypted));
// Encrypt with custom salt
const encryptedWithSalt = await Arweave.crypto.encrypt(
secretData,
password,
"custom-salt"
);Decrypt Data
Decrypt AES-GCM encrypted data.
/**
* Decrypt AES-GCM encrypted data
* @param encrypted - Encrypted data
* @param key - Decryption key as string or Uint8Array
* @param salt - Optional salt used during encryption
* @returns Promise resolving to decrypted data
*/
decrypt(
encrypted: Uint8Array,
key: string | Uint8Array,
salt?: string
): Promise<Uint8Array>;Usage Example:
const secretData = new TextEncoder().encode("Secret message");
const password = "my-secure-password";
// Encrypt then decrypt
const encrypted = await Arweave.crypto.encrypt(secretData, password);
const decrypted = await Arweave.crypto.decrypt(encrypted, password);
// Convert back to string
const decryptedMessage = new TextDecoder().decode(decrypted);
console.log("Decrypted:", decryptedMessage); // "Secret message"PEM Utilities
Convert between PEM format and JWK format for key interoperability.
Convert PEM to JWK
/**
* Convert PEM format key to JWK
* @param pem - PEM formatted key string
* @param extras - Additional JWK properties
* @returns JWK interface
*/
pemTojwk(pem: string, extras?: any): JWKInterface;Usage Example:
import { pemTojwk } from "arweave/node/lib/crypto/pem";
const pemKey = `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA...
-----END RSA PRIVATE KEY-----`;
const jwk = pemTojwk(pemKey);
console.log("Converted JWK:", jwk);Convert JWK to PEM
/**
* Convert JWK to PEM format
* @param jwk - JSON Web Key
* @returns PEM formatted key string
*/
jwkTopem(jwk: JWKInterface): string;Usage Example:
import { jwkTopem } from "arweave/node/lib/crypto/pem";
const key = await Arweave.crypto.generateJWK();
const pemKey = jwkTopem(key);
console.log("PEM format:", pemKey);Advanced Cryptographic Operations
Deep Hash
Compute nested hash of complex data structures.
/**
* Compute deep hash of nested data structures
* @param data - Data as Uint8Array or array of Uint8Arrays
* @returns Promise resolving to deep hash
*/
deepHash(data: Uint8Array | Uint8Array[]): Promise<Uint8Array>;Usage Example:
import { deepHash } from "arweave/node/lib/deepHash";
// Hash simple data
const simpleData = new TextEncoder().encode("hello");
const simpleHash = await deepHash(simpleData);
// Hash nested structure
const nestedData = [
new TextEncoder().encode("item1"),
new TextEncoder().encode("item2"),
new TextEncoder().encode("item3")
];
const nestedHash = await deepHash(nestedData);Merkle Tree Operations
Generate and validate Merkle trees for data integrity.
/**
* Generate Merkle tree from data
* @param data - Data to create tree from
* @returns Promise resolving to Merkle tree root
*/
generateTree(data: Uint8Array): Promise<MerkelNode>;
/**
* Compute Merkle root hash
* @param data - Data to compute root for
* @returns Promise resolving to root hash
*/
computeRootHash(data: Uint8Array): Promise<Uint8Array>;
/**
* Validate Merkle path
* @param id - Data identifier
* @param dest - Destination offset
* @param leftBound - Left boundary
* @param rightBound - Right boundary
* @param path - Merkle path proof
* @returns Promise resolving to validation result
*/
validatePath(
id: Uint8Array,
dest: number,
leftBound: number,
rightBound: number,
path: Uint8Array
): Promise<object | false>;Types
SignatureOptions
interface SignatureOptions {
/** PSS salt length for RSA-PSS signatures */
saltLength?: number;
}CryptoInterface
interface CryptoInterface {
generateJWK(): Promise<JWKInterface>;
sign(jwk: JWKInterface, data: Uint8Array, options?: SignatureOptions): Promise<Uint8Array>;
verify(publicModulus: string, data: Uint8Array, signature: Uint8Array): Promise<boolean>;
hash(data: Uint8Array, algorithm?: string): Promise<Uint8Array>;
encrypt(data: Uint8Array, key: string | Uint8Array, salt?: string): Promise<Uint8Array>;
decrypt(encrypted: Uint8Array, key: string | Uint8Array, salt?: string): Promise<Uint8Array>;
}MerkelNode
interface MerkelNode {
/** Node type (branch or leaf) */
type: string;
/** Node identifier */
id: Uint8Array;
/** Data hash */
dataHash: Uint8Array;
/** Minimum byte range */
minByteRange: number;
/** Maximum byte range */
maxByteRange: number;
/** Left child node (for branch nodes) */
leftChild?: MerkelNode;
/** Right child node (for branch nodes) */
rightChild?: MerkelNode;
}Constants
/** Default hash algorithm */
const DEFAULT_HASH_ALGORITHM: string = "SHA-256";
/** Supported hash algorithms */
const SUPPORTED_ALGORITHMS: string[] = ["SHA-256", "SHA-384"];Security Best Practices
Key Management
// ✅ Good: Generate keys securely
const key = await Arweave.crypto.generateJWK();
// ✅ Good: Store keys securely (not in code)
const keyString = JSON.stringify(key);
// Store keyString in secure storage
// ❌ Bad: Never hardcode keys
const hardcodedKey = { d: "secret-value", ... };Data Validation
// Always verify signatures before trusting data
const transaction = await arweave.transactions.get("tx-id");
const isValid = await arweave.transactions.verify(transaction);
if (!isValid) {
throw new Error("Invalid transaction signature");
}Encryption
// Use strong passwords for encryption
const strongPassword = generateSecurePassword(); // Your secure password generation
const encrypted = await Arweave.crypto.encrypt(data, strongPassword);
// Always use random salts in production
const salt = crypto.getRandomValues(new Uint8Array(16));
const encrypted = await Arweave.crypto.encrypt(data, password, salt);